Blog

In previous research from the Vectra Threat Labs, we learned that seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). IoT is the unattended attack surface, and more IoT devices means bigger clone armies.

The recent public release of source code for malware named "Mirai" has proven exactly that. Mirai continuously scans the Internet for IoT devices using factory default usernames and passwords, primarily CCTV and DVRs.

Researchers from Vectra Threat Labs recently performed an in-depth analysis of vulnerabilities found in a common Belkin wireless repeater. Today in an article on Dark Reading, Vectra CTO Oliver Tavakoli digs into why seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). Read the full article here.

Of particular importance to security teams, IoT is not only bringing far more devices into the network, but they are also devices that very rarely get patches and updates. This means that vulnerabilities can be left unaddressed for months or even years.Likewise, these devices are unlikely to be protected by signatures and will almost assuredly be unable to run client-based security.

Summary

On July 6th, information spread that the Italian company known as the Hacking Team were themselves the victims of a cyber attack. In the aftermath of this leak, Vectra researchers have analyzed the leaked data, and identified a previously unknown vulnerability in Internet Explorer 11 that impacts a fully patched IE 11 on both Windows 7 and Windows 8.1.

The hunt for the vulnerability began when we noticed an email from an external researcher who attempted to sell a proof-of-concept exploit to Hacking Team. The email was sent on 02/06/2015 and described an exploitable use-after-free bug in Internet Explorer 11. While Hacking Team ultimately declined to buy the PoC exploit, the email gave enough information for Vectra researchers to find and analyze the vulnerability.

While Hacking Team declined to purchase the PoC exploit, there is a chance the researcher went elsewhere to sell it, meaning that it may have been exploited in the wild.